Skip to main content
ExLibris
  • Subscribe by RSS
  • Ex Libris Knowledge Center

    How to install ClamAV virus detection plugin for the Rosetta validation stack

    • Product: Rosetta

    Note that it must be installed on all APP servers.

    Procedure:


    Part I: SSH/UNIX

    1. Open a UNIX session as the 'root' user (or sudo).

     

    2. Install the package: yum install clamav clamd

     

    RH7: Install EPEL 7: yum install epel-release (sudo yum install may also work)

     

    RH7: Install ClamAV packages: yum install clamav clamav-scanner-systemd

     

    RH7: Create symbolic link to the default file path; link it to the clamd@scan file: ln -s /etc/clamd.d/scan.conf /etc/clamd.conf

     

    RH7: Edit the clamd-scanner package configuration: vi /etc/clamd.d/scan.conf

     

    Comment the example line: #Example

     

    Uncomment the LocalSocket config line to enable it: LocalSocket /var/run/clamd.scan/clamd.sock

     

    Save and quit the text editor.

     


    3. Start the ClamAV application: /etc/init.d/clamd start

     

    RH7: Turn on the SELinux boolean for antivirus: setsebool -P antivirus_can_scan_system 1

     

    RH7: Start the service and enable it at boot:

     

    systemctl start clamd@scan
    systemctl enable clamd@scan

    If the above doesn't work, first run: sudo freshclam

    After that, running "systemctl start clamd@scan" and "systemctl enable clamd@scan" should work.
     


    4. Confirm that the application is started: chkconfig clamd on (systemctl status clamd@scan may also work)

    Running systemctl status clamd@scan returns:

    sudo systemctl status clamd@scan
    clamd@scan.service - Generic clamav scanner daemon
       Loaded: loaded (/usr/lib/systemd/system/clamd@scan.service; enabled; vendor preset: di
       Active: active (running) since Thu 2018-09-27 11:15:19 EDT; 7min ago
     Main PID: 25611 (clamd)
       CGroup: /system.slice/system-clamd.slice/clamd@scan.service
               └─25611 /usr/sbin/clamd -c /etc/clamd.d/scan.conf

    Sep 27 11:15:19 rosetta1 clamd[25611]: ELF support enabled.
    Sep 27 11:15:19 rosetta1 clamd[25611]: Mail files support enabled.
    Sep 27 11:15:19 rosetta1 clamd[25611]: OLE2 support enabled.
    Sep 27 11:15:19 rosetta1 clamd[25611]: PDF support enabled.
    Sep 27 11:15:19 rosetta1 clamd[25611]: SWF support enabled.
    Sep 27 11:15:19 rosetta1 clamd[25611]: HTML support enabled.
    Sep 27 11:15:19 rosetta1 clamd[25611]: XMLDOCS support enabled.
    Sep 27 11:15:19 rosetta1 clamd[25611]: HWP3 support enabled.
    Sep 27 11:15:19 rosetta1 clamd[25611]: Self checking every 600 seconds.
    Sep 27 11:15:19 rosetta1 systemd[1]: Started Generic clamav scanner daemon.



    5. Download latest software updates for ClamAV: /usr/bin/freshclam (if you didn't already run it in step #3 above.)

     

    RH7: Install and configure the ClamAV update: yum install clamav-update

     

    RH7: Edit the configuration file: vi /etc/freshclam.conf

     

    Comment the example line: #Example

     

    RH7: Edit freshclam configuration file: vi /etc/sysconfig/freshclam

     

    Comment this line to enable crontab: #FRESHCLAM_DELAY=disabled-warn

     

    Save and quit the text editor.

     

    RH7: Run “freshclam” command to update the virus database


    6. Restart ClamAV: /etc/init.d/clamd restart (systemctl restart clamd@scan may also work)

    7. Enter "view /etc/hosts" to find local host:

    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    10.100.2.19 us-rosetta01.corp.exlibrisgroup.com us-rosetta01
    127.0.0.1 localhost.localdomain localhost
    ::1 localhost6.localdomain6 localhost6

    NOTE: Take the 127.0.0.1 address

    8. Enter "netstat -tulpn" to discover on which port the ClamAV is running (based on the host name):

    us-rosetta01-d4(1) >>netstat -tulpn [NOTE that RH6 and 7 results may vary]

    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 127.0.0.1:32000 0.0.0.0:* LISTEN 12962/java
    tcp 0 0 10.100.2.19:3873 0.0.0.0:* LISTEN 12962/java
    tcp 0 0 10.100.2.19:4801 0.0.0.0:* LISTEN 12962/java
    tcp 0 0 10.100.2.19:6852 0.0.0.0:* LISTEN 12962/java
    tcp 0 0 0.0.0.0:5989 0.0.0.0:* LISTEN -
    tcp 0 0 10.100.2.19:4712 0.0.0.0:* LISTEN 12962/java
    tcp 0 0 0.0.0.0:1801 0.0.0.0:* LISTEN 12962/java
    tcp 0 0 10.100.2.19:5801 0.0.0.0:* LISTEN 12962/java
    tcp 0 0 10.100.2.19:4713 0.0.0.0:* LISTEN 12962/java
    tcp 0 0 10.100.2.19:4457 0.0.0.0:* LISTEN 12962/java
    ********tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN -
    tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN -
    tcp 0 0 10.100.2.19:2801 0.0.0.0:* LISTEN 12962/java

    NOTE: The port for 127.0.0.1 is 3310 as above.
    NOTE: Be sure that this port (3310) is open.

     

    9. Close (logout) of the UNIX session as the 'root' user (or sudo).

     

    10. Open a UNIX session as the 'dps' user.

     

    11. To deploy and Install the ClamAVVirusCheckPlugin.jar file:

     

    Download the Rosetta.ClamAVVirusCheckPlugin-master.zip package from here and unzip it:

      https://github.com/ExLibrisGroup/Rosetta.ClamAVVirusCheckPlugin/tree/master/target

    Alternatively, the file can also be retrieved from the target directory of the Rosetta.ClamAVVirusCheckPlugin-master folder.

    Extract the "ClamAVVirusCheckPlugin.jar" file that resides in Rosetta.ClamAVVirusCheckPlugin-master\target\ to the following directory:

      $op_dir/plugins/custom/ [e.g. /operational_shared/plugins/custom]

    Directories should look like this after installation:

    /operational_shared/plugins/custom/
    drwxrwxr-x 6 dps exlibris  260 Jan  3  2016 Rosetta.ClamAVVirusCheckPlugin-master
    -rw-rw-r-- 1 dps exlibris 1816 Jan  3  2016 ClamAVVirusCheckPlugin.jar
    drwxrwxr-x 3 dps exlibris  114 Sep 13 15:20 deploy
    drwxrwxr-x 3 dps exlibris   47 Sep 13 16:19 bin

    /operational_shared/plugins/custom/deploy/
    drwxrwxr-x 6 dps exlibris     260 Jan  3  2016 Rosetta.ClamAVVirusCheckPlugin-master
    -rw-rw-r-- 1 dps exlibris 5321957 Sep 13 15:20 Rosetta.ClamAVVirusCheckPlugin-master.zip

    Then run:
    chown dps:exlibris /operational_shared/plugins/custom
    chown dps:exlibris /operational_shared/plugins/custom/ClamAVVirusCheckPlugin.jar
    chmod 664 /operational_shared/plugins/custom/ClamAVVirusCheckPlugin.jar


    The 'dps' user should have read/write permissions on this file.
    Rosetta will display the plug-in in the list of custom plug-ins available for installation.
    If you are installing a new plugin, there is no need to restart Rosetta.
    If you are upgrading an existing plugin a restart is necessary, and you must be sure to increment the plugin version.
    Refer to the 'General Attributes' section of: https://developers.exlibrisgroup.com/rosetta/sdk/plugins

     


    Part II: Rosetta Application

    10. Go to Advanced Configuration > Plug-In Management > Custom Tab > Plug-In Information and add the following:

     

    Click "Add plug-in Instance" and you should see "ClamAVVirusCheckPlugin"

     

    Click "Install"


    Plug-In Name: SLUBVirusCheckClamAVPlugin
    Description: SLUB Virus Check Plugin using installed ClamAV daemon via tcp-sockets
    host: take from /etc/hosts reslt (e.g. 127.0.0.1)
    port: take from netstat -tulpn result (e.g. 3310)
    timeout: 1000 (milliseconds)


    Click "Save" to save your changes

     

    Click the checkmark in the "Active" column to enable.

    12. Go to Advanced Configuration > Repository > Task Chain List: Filter Validation Stack > Add Task Chain:

    Name/Description: Validation Stack with ClamAV
    Add Task: Virus Check
    Name/Description: Virus Check
    Level: File
    Status: Active
    Task Chain Level: IE
    Groups: Validation Stack, Maintenance, etc.
    Task Parameters: SLUBVrusCheckClamAVPlugin

    Note that upon successful implementation of the plugin, Rosetta will copy the jar file to $op_dir/plugins/custom/deploy [e.g. /operational_shared/plugins/custom/deploy]

    13. Run ingest that uses this task to test.

    Additional Information

    As per step #7 above, be sure that this port (3310) is open.

    NOTE: there is a file size limitation with the clamd configuration.
    If SIPs fail the virus check after completing configurations to use this plugin, do the following:

    1. Connect to Rosetta via ssh and vi /etc/clamd.conf
    2. Uncomment and update the following line in the file and restart clamd:
    #StreamMaxLength 10M (change to 500M)

    Installing ClamAV from EPEL to CentOS/Red Hat 7 full instructions

     

    ClamAV Sources:

    SLUB version of ClamAV

    Simple script ClamAV

     

    Category: Plugin Framework


    • Article last edited: 27-Sep-2018
    • Was this article helpful?